| @@ -1,17 +1,19 @@ | | | @@ -1,17 +1,19 @@ |
1 | $NetBSD: patch-stud.c,v 1.1 2013/03/16 19:41:36 jym Exp $ | | 1 | $NetBSD: patch-stud.c,v 1.2 2015/02/20 09:32:07 fhajny Exp $ |
2 | | | 2 | |
3 | SunOS fixes as per https://github.com/bumptech/stud/pull/71. | | 3 | SunOS fixes as per https://github.com/bumptech/stud/pull/71. |
4 | --- stud.c.orig 2012-08-15 10:33:39.000000000 +0000 | | 4 | SSL fixes as per https://github.com/bumptech/stud/pull/130. |
| | | 5 | |
| | | 6 | --- stud.c.orig 2012-08-10 23:40:19.000000000 +0000 |
5 | +++ stud.c | | 7 | +++ stud.c |
6 | @@ -189,9 +189,17 @@ typedef struct proxystate { | | 8 | @@ -189,9 +189,17 @@ typedef struct proxystate { |
7 | | | 9 | |
8 | /* Set a file descriptor (socket) to non-blocking mode */ | | 10 | /* Set a file descriptor (socket) to non-blocking mode */ |
9 | static void setnonblocking(int fd) { | | 11 | static void setnonblocking(int fd) { |
10 | - int flag = 1; | | 12 | - int flag = 1; |
11 | - | | 13 | - |
12 | - assert(ioctl(fd, FIONBIO, &flag) == 0); | | 14 | - assert(ioctl(fd, FIONBIO, &flag) == 0); |
13 | + int flag; | | 15 | + int flag; |
14 | +#if defined(O_NONBLOCK) | | 16 | +#if defined(O_NONBLOCK) |
15 | + /* O_NONBLOCK is more portable and POSIX-standard */ | | 17 | + /* O_NONBLOCK is more portable and POSIX-standard */ |
16 | + flag = O_NONBLOCK; | | 18 | + flag = O_NONBLOCK; |
17 | + assert (fcntl(fd, F_SETFL, flag) == 0); | | 19 | + assert (fcntl(fd, F_SETFL, flag) == 0); |
| @@ -25,27 +27,58 @@ SunOS fixes as per https://github.com/bu | | | @@ -25,27 +27,58 @@ SunOS fixes as per https://github.com/bu |
25 | | | 27 | |
26 | /* set a tcp socket to use TCP Keepalive */ | | 28 | /* set a tcp socket to use TCP Keepalive */ |
27 | @@ -203,9 +211,9 @@ static void settcpkeepalive(int fd) { | | 29 | @@ -203,9 +211,9 @@ static void settcpkeepalive(int fd) { |
28 | ERR("Error activating SO_KEEPALIVE on client socket: %s", strerror(errno)); | | 30 | ERR("Error activating SO_KEEPALIVE on client socket: %s", strerror(errno)); |
29 | } | | 31 | } |
30 | | | 32 | |
31 | +#ifdef TCP_KEEPIDLE | | 33 | +#ifdef TCP_KEEPIDLE |
32 | optval = CONFIG->TCP_KEEPALIVE_TIME; | | 34 | optval = CONFIG->TCP_KEEPALIVE_TIME; |
33 | optlen = sizeof(optval); | | 35 | optlen = sizeof(optval); |
34 | -#ifdef TCP_KEEPIDLE | | 36 | -#ifdef TCP_KEEPIDLE |
35 | if(setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &optval, optlen) < 0) { | | 37 | if(setsockopt(fd, SOL_TCP, TCP_KEEPIDLE, &optval, optlen) < 0) { |
36 | ERR("Error setting TCP_KEEPIDLE on client socket: %s", strerror(errno)); | | 38 | ERR("Error setting TCP_KEEPIDLE on client socket: %s", strerror(errno)); |
37 | } | | 39 | } |
38 | @@ -1751,24 +1759,16 @@ void daemonize () { | | 40 | @@ -889,6 +897,13 @@ static void shutdown_proxy(proxystate *p |
| | | 41 | close(ps->fd_up); |
| | | 42 | close(ps->fd_down); |
| | | 43 | |
| | | 44 | + // Clear the SSL error queue - it might contain details |
| | | 45 | + // of errors that we haven't consumed for whatever reason. |
| | | 46 | + // If we don't, future calls to SSL_get_error will lead to |
| | | 47 | + // weird/confusing results that can throw off the handling |
| | | 48 | + // of normal conditions like SSL_ERROR_WANT_READ. |
| | | 49 | + ERR_clear_error(); |
| | | 50 | + |
| | | 51 | SSL_set_shutdown(ps->ssl, SSL_SENT_SHUTDOWN); |
| | | 52 | SSL_free(ps->ssl); |
| | | 53 | |
| | | 54 | @@ -1197,7 +1212,15 @@ static void client_handshake(struct ev_l |
| | | 55 | shutdown_proxy(ps, SHUTDOWN_SSL); |
| | | 56 | } |
| | | 57 | else { |
| | | 58 | - LOG("{%s} Unexpected SSL error (in handshake): %d\n", w->fd == ps->fd_up ? "client" : "backend", err); |
| | | 59 | + |
| | | 60 | + // Try and get more detail on the error from the SSL |
| | | 61 | + // error queue. ERR_error_string requires a char buffer |
| | | 62 | + // of 120 bytes. |
| | | 63 | + unsigned long err_detail = ERR_get_error(); |
| | | 64 | + char err_msg[120]; |
| | | 65 | + ERR_error_string(err_detail, err_msg); |
| | | 66 | + |
| | | 67 | + LOG("{client} Unexpected SSL error (in handshake): %d, %s\n", err, err_msg); |
| | | 68 | shutdown_proxy(ps, SHUTDOWN_SSL); |
| | | 69 | } |
| | | 70 | } |
| | | 71 | @@ -1751,24 +1774,16 @@ void daemonize () { |
39 | exit(0); | | 72 | exit(0); |
40 | } | | 73 | } |
41 | | | 74 | |
42 | - /* close standard streams */ | | 75 | - /* close standard streams */ |
43 | - fclose(stdin); | | 76 | - fclose(stdin); |
44 | - fclose(stdout); | | 77 | - fclose(stdout); |
45 | - fclose(stderr); | | 78 | - fclose(stderr); |
46 | - | | 79 | - |
47 | /* reopen standard streams to null device */ | | 80 | /* reopen standard streams to null device */ |
48 | - stdin = fopen(NULL_DEV, "r"); | | 81 | - stdin = fopen(NULL_DEV, "r"); |
49 | - if (stdin == NULL) { | | 82 | - if (stdin == NULL) { |
50 | + if (freopen(NULL_DEV, "r", stdin) == NULL) { | | 83 | + if (freopen(NULL_DEV, "r", stdin) == NULL) { |
51 | ERR("Unable to reopen stdin to %s: %s\n", NULL_DEV, strerror(errno)); | | 84 | ERR("Unable to reopen stdin to %s: %s\n", NULL_DEV, strerror(errno)); |